Manage your passwords with LastPass, an in-depth review
Have you ever struggled to remember a password for an account? It happens, we use a lot of accounts, and a different one for each. That makes it difficult to recall the passphrases, but you shoud not use passwords that are easy to guess either. This is why many prefer using a password manager to store them safely, generate secure passwords,, etc. There are plenty of good ones you can choose from. LastPass Password Manager has been around for a long time, and we are going to take a look at everything it has to offer, and compare it with the competition.
LastPass key takeaways
- Generate secure passwords
- Autofill
- Encrypted Vault
- Secure Password Sharing
- Cross-platform access
LastPass main features & specifications summary
- Rating: 4.3/5
- Browser compatibility: Chrome, Firefox, Edge, Safari, Brave, Vivaldi, Opera
- Pricing: Freemium
- Features: Secure password generation, Password sharing, Cross-platform availability
LastPass pros & cons
Pros
- User-friendly
- Generate secure passwords
- Security check to analyse for weak passwords
- Available for all major platforms
- 2-factor authentication
- Browser based (no desktop application required)
- Multiple recovery options
- Dark web monitoring (to check if your logins have been leaked)
- Can store addresses, notes, credit cards, etc
Cons
- Free accounts are limited to 1 device
- No email support for free users
- Not open source
- Premium subscription is expensive
- Telemetry enabled by default
- Mobile app is sub par compared to rivals
Download options for LastPass
- Chrome browser: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd
- Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/
- Safari browser: https://lastpass.com/misc_download2.php
- Edge browser: https://microsoftedge.microsoft.com/addons/detail/lastpass-free-password-m/bbcinlkgjjkejfdpemiealijmmooekmp
- Brave browser: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd
- Opera browser: https://addons.opera.com/en/extensions/details/lastpass/
- Vivaldi browser: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd
LastPass alternatives
| LastPass | Bitwarden | KeePass Password Safe | Dashlane | 1Password | Nordpass | Roboform | |
| Encryption | AES-CBC 256-bit (Vault) PBKDF2 SHA-256 (Encryption Key) |
AES-CBC 256-bit + PBKDF2 SHA-256 |
AES/Rijndael 256-bit, ChaCha20 | AES-256-bit | AES-GCM-256-bit + PBKDF2-HMAC-SHA256 | XChaCha20 256-bit + Argon2 | AES-256-bit + PBKDF2 SHA256 |
| Number of devices | Unlimited (Paid) | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited (only 1 device can be logged in at a time) | Unlimited |
| Supported platforms | Windows, macOS, Linux, Android, iOS | Windows, macOS, Linux, Android, iOS | Windows, macOS, Linux, unofficial clients for Android and iOS | Browser extensions only | Windows, macOS, Linux, Android, iOS | Windows, macOS, Linux, Android, iOS | Windows, macOS, Linux, Android, iOS |
| Supported browsers | Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave | Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave | Unofficial extensions for all major browsers | Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave | Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave | Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave | Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave |
| Two-factor authentication | Yes | Yes | No (vault is stored locally) | Yes | Yes | Yes | Yes |
| Offline usage | Yes (limited) | Yes (Read-only mode) | Yes | Yes | Yes | Yes (Read-only mode) | Yes |
| Secure Password Sharing | Yes | Yes | Entries and the vault can be shared, but the password is not hidden | Yes | Yes | Yes | Yes |
| Master Password Recovery | Yes | No | No | No | No | Yes (Recovery Code) | Yes |
| Security Check | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Price | Free and Paid tiers | Free and Paid tiers | Free and Open Source | Free and Paid tiers | Paid (has a free trial) | Free and Paid tiers | Free and Paid tiers |
What is LastPass Password Manager?
LastPass is a cloud-based password manager available for computers and mobile devices. The encrypted vault data is stored securely on the company's servers. The database can be accessed across platforms: Windows, macOS, Linux, Android, iOS, and all major browsers.
Why do you need it?
It can be difficult to remember the passwords for each and every account that you have for online services. Trying to figure out a strong password is tough too, because if you forget it, that’s going to be a problem. The LastPass extension addresses both issues, and all you need to remember is a single master password to access all your logins. The password manager autofills your username and password without the need for typing the information manually.
How does LastPass work?
Your online credentials are locked in the LastPass vault. The only way to unlock it is by using the master password. Once the database is open, you can make changes to it, add new accounts, access/edit/manage your logins, open the corresponding pages with a click, etc.
LastPass features analysis
Let’s take a closer look at the best features of LastPass, to better understand what it has to offer.
Generate secure passwords
Have you ever tried coming up with a unique password with numbers, special characters, etc? It’s not as easy as it sounds. I think it’s easier to remember a complex password over time, than to actually come up with one. You don't have to think too hard about this, because LastPass Password Manager has a built-in password generator, which you can use to create unique, strong passphrases with a simple click of the mouse.
It allows you to select the rules for generating the passwords, such as using lower case, upper case letters, numbers, symbols, and the length of the password. Once the password is generated, you can save it to the vault, and access it the next time you want to login to the website you were on.
Autofill
Typing your username and password manually can become a chore, especially if they are long and contain special characters. Make a mistake and you have to start over, and that’s especially annoying if your passphrases are lengthy. Copying and pasting them from the password manager isn’t the most convenient method either. And what if you paste it into the wrong window, say a social network site, or a chat? That's not good.
LastPass Password Manager supports autofill, so you don’t have to enter your passwords manually. When you visit a web page that contains a login form, the extension will check your vault to see if the site's URL matches an associated account. And if it finds a match, LastPass will fill the username and password fields automatically, thus saving you the manual effort and time.
Dark Web Monitoring
Have you ever been a victim of a password breach or leak? It can be a traumatic experience. But more importantly, how do you know if one of your logins are compromised? LastPass' Dark Web Monitoring feature keeps an eye on such leaks, say if a social network's servers are hacked. LastPass will check the leaked credentials, and when it finds your username or password has been exposed by the breach, it sends you an email to alert you about it. Then you can act quickly to change your password, and secure your online identity.
Save Notes, Addresses, Credit Cards
LastPass isn't merely a password manager. You can use it to save notes securely, and access them from the vault. It also lets you save your address, which can be a huge time-saver, when you are filling up a form to sign up for a service. Don't type it out, autofill can do the job in a couple of clicks. You may also save your credit card information securely. When you are making an online purchase, don't bother looking at your wallet and taking the card out. Your payment information saved in the LastPass vault, can be used for payments.
Secure Password Sharing
Do you share online accounts with your family? A lot of people do that, for example, to share their Netflix subscription. How do you do that? You either tell them the password or send it to them. The latter isn’t a good idea, because in case it is intercepted by someone else, your account can be misused, aka identity theft.
LastPass Password Manager allows you to securely share passwords with other users, without actually allowing them to view what the passphrase is. This way, your family and friends can access Netflix (or whatever you’re sharing) but they have no idea what the password is, let alone have trouble remembering them. That is amazing, isn’t it? You may optionally allow them to view the password if required.
Emergency Access
The Emergency Access option in LastPass, when enabled, allows your trusted contacts to access your vault in case of emergency. You can set the number of days after which the contact can request access to the account, and you may decline the request within the same time period.
How to use the LastPass browser extension
LastPass is very user-friendly. But if you’re new to password managers, don’t worry about it. We are here to guide you through the set up process, and to help you configure the add-on. Here’s how to use it.
Step 1: Install the LastPass browser extension
Go to the official listing of the LastPass extension, we have provided links for all major browsers above. Choose the one that is appropriate, and install the plugin. You don’t need to install the LastPass desktop application, unless you want to use some of the advanced features.
Step 2: Login to your account
Sign in to your LastPass account if you have one. If you don’t have an account, you can sign up for free, and doing so gives you a free 30 day trial of LastPass Premium (no credit card required).
Step 3: Create your master password
You’ll be asked to create a master password to protect your vault. Don’t use stuff that others can guess like your birthday, nicknames, email address, etc. Choose something unique, which isn’t a pronounceable word. A combination of uncommonly used words is strong and easy to remember, though you may want to add a number and an upper case letter in to the mix. If you forget your master password, you may recover it using a one-time recovery password, or your password hint, or biometrics (Android and iOS), or through SMS account recovery.
Step 4: Start adding passwords
Now that you have signed in to your LastPass account, you can access your vault. This is where the usernames and passwords are stored. But since you have just started, your vault is empty.
There are several ways using which you can store your logins in the vault. You may manually add the passwords from the vault. Or, you can go to the websites where you have an account, and manually sign-in to them. When you do that, LastPass will offer to store the data in your vault. Allow it, and the next time you visit the web page, the password manager will autofill the login credentials for you.
If you’re coming from a different password manager, you can import your passwords from the database to LastPass. It supports CSV, XML, Text files, etc, to make the process easier.
Step 5: Consider changing your passwords with the password generator
When was the last time you changed your email’s password, or your bank’s or social accounts’? You may want to update the passwords, and LastPass can come in handy here. The built-in password generator makes the task simpler.
Step 6: Enable 2-factor authentication
Since your LastPass account is a cloud-based one, you need to protect it by enabling 2-factor authentication, to prevent hackers from accessing your logins. LastPass supports many multifactor authentication apps including LastPass Authenticator, Google Authenticator, Microsoft Authenticator, etc. If you prefer using a different app like Authy, AndOTP or Aegis, you can use that too.
Premium users get two additional methods to unlock the vault, you may use a YubiKey USB device or the fingerprint scanner on your device. Business users have one more option, to use the Salesforce Authenticator.
Step 7: Take the security check
Are your passwords secure? Have you reused the same password on multiple sites? This is actually pretty common. But that doesn’t mean it’s a good thing. LastPass has a built-in security audit function, called Security Dashboard, which can be used to check your login information for potential issues, like duplicated passwords, weak passwords, etc. When it finds a problem, the password manager will alert you, and you can use the password generator to replace a weak password with a secure one.
Step 8: Enable log out after browser is closed
LastPass, by default, does not lock your vault when you close the browser. So, if you were logged in and finished your browsing session, and someone else opened the browser, they can access your vault.
This is not good for privacy and security, so you should go to the Extension Preferences > General > Security, and toggle the box that says Log out when all browsers are closed. You may optionally enable the 2nd setting as well, which will lock the vault after a specific number of minutes.
Step 9: Disable telemetry
The password manager extension collects some anonymous data as you use it. You can disable LastPass’ telemetry collection, by navigating to the Account Settings > General > Show Advanced Settings > Privacy.
There are three options in this section, that you should turn off. “Track History, Help Improve LastPass, and Enable App Attribution".
Step 10: Download the mobile apps
LastPass has official mobile apps for both iOS and Android. Download the app on your smartphone or tablet, and login to your account. LastPass' autofill feature works on both mobile operating systems, regardless of the browsers you use. All changes you make to the vault are synchronized across the platforms.
Frequently asked questions about LastPass
Is LastPass safe to use?
LastPass stores your credentials in a database that is encrypted with a master password. This master password is the key that is used to encrypt and decrypt the vault. The password manager encrypts the vault locally on your device, before it sends the database to be stored on its servers. Only you have access to the key, so even if LastPass suffers from a server breach, your logins are safe, since they are encrypted with a passphrase only known to you. The password manager uses 256-bit AES Encryption to secure your vault. A one-way salted hashing is done by including your username to the master password, after with LastPass hashes the data using PBKDF2-SHA256 rounds to further strengthen the security.
LastPass has had a few security issues in the past, though the vulnerabilities were patched quite quickly. The vault's contents were never affected by these flaws, so yes it is safe to use the service.
How does LastPass make money?
LastPass offers a premium service, which offers some extra features. Premium subscribers are the revenue generators for the company, there are no ads in the free version.
What browsers does LastPass support?
LastPass supports all major browsers including Google Chrome, Mozilla Firefox, Microsoft Edge, Opera Browser, Brave Browser and Vivaldi.
What is the difference between LastPass Free and Premium?
You can try LastPass Premium for free for 30 days. The main drawback of the free account is that it is limited to 1 device, but with a premium subscription, you can use the service on any number of devices. The pro version supports one-to-many sharing, which allows you to share your passwords with multiple users, as opposed to 1 user with the free model.
Going premium gives you 1GB of online storage space, which you can store sensitive documents safely in the cloud. Security Dashboard, Darkweb Monitoring, Emergency Access, and Email Support are the other features exclusive to the premium subscription of the password manager. LastPass Premium includes a free 30-day trial of ExpressVPN.
Bottom line, is LastPass worth it?
LastPass is easy to use, offers all the core features that you'd expect from a password manager, and for the price of free I don't have any complaints with the extension, except for the telemetry, but that can be disabled. That said, the main issue with the free version is that synchronization is restricted to a single device, PC or mobile. Let's face it, if you rely on a password manager, you probably want to use it on your computer and smartphone. But LastPass Premium isn't cheap, the company charges you $3 a month, and that’s before taxes. So, you could wind up paying well over $36 for a year’s subscription.
On the other hand, Bitwarden is the perfect free alternative for LastPass alternative, since it offers nearly the same experience of LastPass (free), but without limiting you to a single device. The service’s extensions and mobile apps are open source, unlike its rival’s proprietary software. The LastPass mobile app is not great, it's clunky. Bitwarden's app has a better GUI, and just works better. Or, you could opt for an offline program such as KeePass Password Safe on your PC, an unofficial open source mobile app like Keepass2Android Password Safe or AuthPass, and a browser extension like Kee. Store your encrypted database in a cloud storage service, and there's your free cross-platform synchronization.
Thank you for being a Ghacks reader. The post Is LastPass Password Manager worth using? appeared first on gHacks Technology News.
0 Commentaires